https://transport.data.gouv.fr
Faciliter l'accès à l’information voyageur pour tous, partout en France, grâce à l’ouverture des données.

Nmap
Scan Summary :
| severity | service | vulnerability |
info | http (port:80) | |
info | tcpwrapped (port:179) | |
info | https (port:443) | |
info | socks (port:1080) | |
info | pvuniwien (port:1081) | |
info | ppp (port:3000) | |
info | ssh (port:5002) | |
info | amqp (port:5800) | |
info | unknown (port:5962) | |
info | tcpwrapped (port:9999) |
Mozilla HTTP observatory
Scan Summary :
| Impact | Description | Documentation |
| Doc Content Security Policy. L'extension github.com/april/laboratory permet de générer la CSP pour votre application. | ||
| OWASP Session Management Cheat Sheet. | ||
| Doc header Strict-Transport-Security (HSTS). |
Scan OWASP
| risk | name |
High (High) | PII Disclosure |
Medium (High) | CSP: Wildcard Directive |
Medium (High) | CSP: script-src unsafe-eval |
Medium (High) | CSP: script-src unsafe-inline |
Medium (High) | Content Security Policy (CSP) Header Not Set |
Medium (High) | Sub Resource Integrity Attribute Missing |
Medium (Medium) | Application Error Disclosure |
Medium (Medium) | Missing Anti-clickjacking Header |
Medium (Low) | Absence of Anti-CSRF Tokens |
Low (High) | CSP: Notices |
Low (High) | Strict-Transport-Security Header Not Set |
Low (Medium) | Application Error Disclosure |
Low (Medium) | Cookie Without Secure Flag |
Low (Medium) | Cross-Domain JavaScript Source File Inclusion |
Low (Medium) | Permissions Policy Header Not Set |
Low (Medium) | X-Content-Type-Options Header Missing |
Low (Low) | Dangerous JS Functions |
Low (Low) | Timestamp Disclosure - Unix |
Informational (High) | Sec-Fetch-Dest Header is Missing |
Informational (High) | Sec-Fetch-Mode Header is Missing |
Informational (High) | Sec-Fetch-Site Header is Missing |
Informational (High) | Sec-Fetch-User Header is Missing |
Informational (Medium) | Base64 Disclosure |
Informational (Medium) | Information Disclosure - Sensitive Information in URL |
Informational (Medium) | Modern Web Application |
Informational (Medium) | Non-Storable Content |
Informational (Medium) | Session Management Response Identified |
Informational (Low) | Information Disclosure - Suspicious Comments |
Informational (Low) | Re-examine Cache-control Directives |
Informational (Low) | User Controllable HTML Element Attribute (Potential XSS) |
Nuclei
| Séverité | Name | Matcher |
info | DNS DMARC - Detect | dmarc-detect |
info | CAA Record | caa-fingerprint |
info | NS Record Detection | nameserver-fingerprint |
info | DNS TXT Record Detected | txt-fingerprint |
info | MX Record Detection | mx-fingerprint |
info | Wappalyzer Technology Detection | mailchimp |
info | HTTP Missing Security Headers | cross-origin-opener-policy |
info | HTTP Missing Security Headers | cross-origin-resource-policy |
info | HTTP Missing Security Headers | permissions-policy |
info | HTTP Missing Security Headers | x-frame-options |
info | HTTP Missing Security Headers | referrer-policy |
info | HTTP Missing Security Headers | x-permitted-cross-domain-policies |
info | HTTP Missing Security Headers | clear-site-data |
info | HTTP Missing Security Headers | cross-origin-embedder-policy |
info | HTTP Missing Security Headers | strict-transport-security |
info | HTTP Missing Security Headers | content-security-policy |
info | HTTP Missing Security Headers | x-content-type-options |
info | TLS Version - Detect | tls-version |
info | TLS Version - Detect | tls-version |
info | Detect SSL Certificate Issuer | ssl-issuer |
info | SSL DNS Names | ssl-dns-names |